Don't require passing in port_security=False if security_groups present
If creating a port on a network that is marked as port_security_enabled=False and one passes in a security_group in the port_create request, previously an error was raised saying they needed to also pass in port_security_enabled=False. This patch removes that requirement and instead sets port_security_enabled=True internally if a port has an ip_address and a security_group is passed in. This is more convenient and does not break backwards compatibility. Closes-bug: #1267249 Change-Id: Ifb5a5511f016a5d8c5b5075c9fdc27279cdd9bb5
parent
7fb2d579ae
commit
a5ccc2358d
|
@ -161,6 +161,13 @@ class PortSecurityDbMixin(object):
|
||||||
if (psec.PORTSECURITY in port and
|
if (psec.PORTSECURITY in port and
|
||||||
isinstance(port[psec.PORTSECURITY], bool)):
|
isinstance(port[psec.PORTSECURITY], bool)):
|
||||||
port_security_enabled = port[psec.PORTSECURITY]
|
port_security_enabled = port[psec.PORTSECURITY]
|
||||||
|
|
||||||
|
# If port has an ip and security_groups are passed in
|
||||||
|
# conveniently set port_security_enabled to true this way
|
||||||
|
# user doesn't also have to pass in port_security_enabled=True
|
||||||
|
# when creating ports.
|
||||||
|
elif (has_ip and attrs.is_attr_set('security_groups')):
|
||||||
|
port_security_enabled = True
|
||||||
else:
|
else:
|
||||||
port_security_enabled = self._get_network_security_binding(
|
port_security_enabled = self._get_network_security_binding(
|
||||||
context, port['network_id'])
|
context, port['network_id'])
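Review bot: The new `elif` calls `attrs.is_attr_set('security_groups')` with a string literal rather than the port's value, so if `is_attr_set` tests its argument against None or a not-specified sentinel (its definition is not shown here), the check is always true and the branch reduces to `has_ip`. Every port with an IP would then get `port_security_enabled = True` even when no security group was passed, silently overriding a network created with `port_security_enabled=False` and never reaching the `_get_network_security_binding` fallback. Consider `elif (has_ip and attrs.is_attr_set(port.get('security_groups'))):`, assuming `port` is the request dict as the `port['network_id']` lookup suggests. The enclosing method starts and ends outside the hunk, so how `has_ip` is computed cannot be checked from here.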
|
||||||
|
|
|
@ -263,6 +263,28 @@ class TestPortSecurity(PortSecurityDBTestCase):
|
||||||
self.assertEqual(len(port['port'][ext_sg.SECURITYGROUPS]), 1)
|
self.assertEqual(len(port['port'][ext_sg.SECURITYGROUPS]), 1)
|
||||||
self._delete('ports', port['port']['id'])
|
self._delete('ports', port['port']['id'])
|
||||||
|
|
||||||
|
def test_create_port_with_security_group_and_net_sec_false(self):
|
||||||
|
# This tests that port_security_enabled is true when creating
|
||||||
|
# a port on a network that is marked as port_security_enabled=False
|
||||||
|
# that has a subnet and securiy_groups are passed it.
|
||||||
|
if self._skip_security_group:
|
||||||
|
self.skipTest("Plugin does not support security groups")
|
||||||
|
res = self._create_network('json', 'net1', True,
|
||||||
|
arg_list=('port_security_enabled',),
|
||||||
|
port_security_enabled=False)
|
||||||
|
net = self.deserialize('json', res)
|
||||||
|
self._create_subnet('json', net['network']['id'], '10.0.0.0/24')
|
||||||
|
security_group = self.deserialize(
|
||||||
|
'json', self._create_security_group(self.fmt, 'asdf', 'asdf'))
|
||||||
|
security_group_id = security_group['security_group']['id']
|
||||||
|
res = self._create_port('json', net['network']['id'],
|
||||||
|
arg_list=('security_groups',),
|
||||||
|
security_groups=[security_group_id])
|
||||||
|
port = self.deserialize('json', res)
|
||||||
|
self.assertEqual(port['port'][psec.PORTSECURITY], True)
|
||||||
|
self.assertEqual(port['port']['security_groups'], [security_group_id])
|
||||||
|
self._delete('ports', port['port']['id'])
|
||||||
|
|
||||||
def test_update_port_security_off_with_security_group(self):
|
def test_update_port_security_off_with_security_group(self):
|
||||||
if self._skip_security_group:
|
if self._skip_security_group:
|
||||||
self.skipTest("Plugin does not support security groups")
|
self.skipTest("Plugin does not support security groups")
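Review bot: `test_create_port_with_security_group_and_net_sec_false` only pins the positive case, so it would still pass if the new branch enabled port security for every port that has an IP. A companion test that creates the same `port_security_enabled=False` network and subnet, creates a port without `security_groups`, and asserts `port['port'][psec.PORTSECURITY]` is False would guard the network-level default, unless an existing test elsewhere in the class already covers it. The security group created with `_create_security_group` is also not deleted at the end, unlike the port; whether the test case's teardown handles that is not visible here.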
|
||||||
|
|